0514513dd2c53cb46149cf4d57eb6ff29863f9d5b7d1d8dd122d99a0210dae3b

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0292853e8e5fb47cade7d20275690c9.exe
Size

227KB
MD5

e0292853e8e5fb47cade7d20275690c9
SHA1

4a60c7d277a0fd592c6a8c163752e0b8a6a83858
SHA256

0514513dd2c53cb46149cf4d57eb6ff29863f9d5b7d1d8dd122d99a0210dae3b
SHA512

0bbb195c81b76d6e65c9f1042f2cfc7983c4627c73ff95289cc0c2c144ef5c03a145583102da05ccd299a6198a76cb8131ca35eddbc531c8abd08fc02f489bc3
SSDEEP

6144:KifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRV/0:9fk6kDqHw2hmxlrz2HoSRm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2412-0-0x0000000000B90000-0x0000000000C2E000-memory.dmp	upx
behavioral1/memory/2412-42-0x0000000003EA0000-0x0000000003F3E000-memory.dmp	upx
behavioral1/memory/2512-43-0x0000000000B90000-0x0000000000C2E000-memory.dmp	upx
behavioral1/memory/2512-136-0x0000000000B90000-0x0000000000C2E000-memory.dmp	upx
behavioral1/memory/2412-135-0x0000000000B90000-0x0000000000C2E000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\License_en.rtf	E02928~1.EXE
File created	C:\PROGRA~2\Zona\utils.jar	E02928~1.EXE
File created	C:\PROGRA~2\Zona\License_ru.rtf	E02928~1.EXE
File created	C:\PROGRA~2\Zona\License_uk.rtf	E02928~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2676	2412	e0292853e8e5fb47cade7d20275690c9.exe	28
PID 2412 wrote to memory of 2676	2412	e0292853e8e5fb47cade7d20275690c9.exe	28
PID 2412 wrote to memory of 2676	2412	e0292853e8e5fb47cade7d20275690c9.exe	28
PID 2412 wrote to memory of 2676	2412	e0292853e8e5fb47cade7d20275690c9.exe	28
PID 2412 wrote to memory of 2512	2412	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2412 wrote to memory of 2512	2412	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2412 wrote to memory of 2512	2412	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2412 wrote to memory of 2512	2412	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2412 wrote to memory of 2512	2412	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2412 wrote to memory of 2512	2412	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2412 wrote to memory of 2512	2412	e0292853e8e5fb47cade7d20275690c9.exe	31

C:\Users\Admin\AppData\Local\Temp\e0292853e8e5fb47cade7d20275690c9.exe
"C:\Users\Admin\AppData\Local\Temp\e0292853e8e5fb47cade7d20275690c9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2676
- C:\Users\Admin\AppData\Local\Temp\E02928~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\E02928~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
c5811360901511caf5ad0b84ad62e3ac

SHA1
36e40509324df98d70b95be766f80eaabfe2d41b

SHA256
e8cebfc2f15677481fa1770276f429587b8422716ba1000d248e9cd951f9cdf7

SHA512
22b7c0115c3d4e5e5d1d0542ad02cfb1abdbb9870b084df6eb983f94aa83943c70378524ec38720fd990b2d521d19aee972ec9f335ecd97a4510851e4700bc0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
acea2947b053faf6ef42ac39db1f0e32

SHA1
b90c5b95d9d9298d7b6702091b97bbe3595f3d72

SHA256
b11873b9e7f6c430e4aab18d2649a0c10bb486549f34cf0ebf3dbbcf0ad4f876

SHA512
77ccf085f5d11b05337470c517216ed39980139c767d214578914a62e00202de51fb76abeb95b7c79fb55ddeaca65ff96d5c115bea327e939894ebf5edb96e06

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
9fc3ce600138cb0150e1b02fda9638f5

SHA1
05a886abb60854301e0c60d33132b6c9230b1fc3

SHA256
d7df4cb3dbd5a94160c5b6162dafaf67f8cb0c35c76a06a9af9434633ee4d0ad

SHA512
d11c3cd38fc0eb5776ec2a68881aee9c1735650e6ecc745291edf0017c59f3182eb96d854aefa553e4b2bae28ee94ab4fe945f9c0eba7a396bd6670d883746d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
e20284cb48e0c7774f5cdb442fd2b96e

SHA1
3503fba83ddc4a6c84489a4d1b6f25708ed87ff6

SHA256
b249f9c495e92429b99f65173c2657879d3554d0c558b10688340b9ffe63e511

SHA512
e3729290228db8be44a081aded0249ad65af2becba9a1b1b9f181d005655cae3fb40dc8d38f6aca0358b238ef90ef1a14556ba5a86e6692a11e30b6666e0743c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
013df8c06be6bff603bab470ae337512

SHA1
49219e4f67b074114e79d29f1496cbc536a62fb4

SHA256
292efa7d216b222cefe64d71c20408edbb58f68686c1a3ac2cc798086a961357

SHA512
7204466cf5ea52bb3f23c88d5a4f22327d4a6f24c91287630a443e2bffba142d17e3feb94977947765f2130deeb7fc818641ad4be711b0537cf5f8443d9a01f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
2fd918c8fc5509070e1693f5fcae0e92

SHA1
13fcd965226da25b1768ebbadb0e151ebaa2c5c6

SHA256
3cef93500eb93d2558c63f4a80f3606d3e3dc888ce1a167addff98a842f2a4a5

SHA512
b9d729f0f0f9176e74256bcb092ec39e8da7d06ed93837559f391a43ffd125afd5da4365be3fd0f3a25d0840626b015871ed2bf08b23af4b738eb94fd54dcd6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
c720aa100d6cd12cb35bd92a8e30f68a

SHA1
ba7b2d06dc0f081c8329a42c45becf3bc438716b

SHA256
53ba6f3d2212adc50ffcfc5c2ef2a00f747449828ee64c543d15f8e3586778ed

SHA512
a1902fa337c4b319c47b99d535eede16ec87f7e2d4dd1587eb7b010d262a6db6010fa0bebc1d43d6504d5d3e66b7c53655f66438e659ec8f72aebade0be77b9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
2f71c74796b54d356a2af95761fa92e6

SHA1
e4d408d3423cdc9b89e911aeba9f4fa246f38c76

SHA256
b7c45d0bedfb9d9c8a326261ababd261563e5e5002c585aff19e495cca4bd716

SHA512
335f2d2aa6f32e0b21e8d9a30bcd9af7a9d085dcbdb02bd7357f7560e8f734e99604b1d23ed18f7b0de216f2a103808bcb30517531c87346cd2019961f030708

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
1KB

MD5
19c667de8a60c9b3ef57b881d0f50523

SHA1
94b52eeebff40db46f1beaa82b5b6fed6ea4ac8c

SHA256
600c77e83c85ccc43b913b7dd3e7c33a9735b5383877576f1692b396af9616cf

SHA512
c377bb605d8c42d10f2e306ebd82e3fde304c3b8eb6d39c3c6f82ff15bd7df17fc10aae056b2c82c19123b988fd3069049f6eb6499de542a24a27ca46873d584

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
9ad762c4b02178f870e59deb34dec2c4

SHA1
3ff25c47fb7820f6544b8d75d978cc5c1fd9c160

SHA256
cced12f658e9a61c11dfa2f0d50742857d29b86edc0db43242ffd6e6c072f256

SHA512
94357c8a5012cefe0e10d5f518f9867d04895277be037d43f71b3f1e00974f045722e881e1a5be51ef014ea30892bde6e1174a69fa2e76298a18cde0f3f105e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
d43205fd14d4e7d8b7a43b1520018e4e

SHA1
2bf5a04853debec2dbf3566012f3395eac9230a1

SHA256
dba3d48ecb41ea6bbaee7a564aca2b98e34a9fe3e52667aac366a5397b1990b4

SHA512
313423f2215cdb3164b98f3dc92e44be000d3fb209c924c339e2ce5931899e223b2a19ec332f1b92cb51c670945b4ed693e607e75aa91fabfc75c9bdc9ea0fd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
3KB

MD5
4a58b1858fb645c4c06f9fbf135825b5

SHA1
56c4311bdef3322763f541035dcd8c7a07506f6d

SHA256
4c81c729dd10df9690062439f3403e533b2e1f614e140de128d20d29e4314396

SHA512
ee95151fb96c700cb8c2f07a1f72ec543248445772740a5e17799411deafd98ed58f7b678a4349b407df151b76afb3c121c79aeb6f85314095f3484ad26d094a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
1006B

MD5
51169a221d37e590238cf437b33758c8

SHA1
5a190d0660fbde70d1a382fc1d5c9fbd511b9ec9

SHA256
33856732919b2550faf9a066c470e88b051252069f45028b1d0b7d75e0d6a9f9

SHA512
e1ca16e8e36b1b5c6564894ee02051074cce1ce9e81f745b8d2682e0b8c31e4df8dda465a7c4962d3ca5e8a51316341c09ca2b9bf206279cea9d2797768a6cb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
b9352774336d0ef931caab66af4c6ee5

SHA1
46e28f51a94d9263e4d6f3edd8fea2e30dc5d0ee

SHA256
59cba74c58429c16ffc56e1a2494635934fa2628dae5f0aeb7eb22e2625ea053

SHA512
1dbf9ef188ce7d5225664e899627dfead65186ac3d874997548093b8fd357582b53165db9f397a6470733de6d518ca36e2eeb336c8e766c1e3c55643df56ca08

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
3ab4e801dd794d28ed45c6eb0eac401e

SHA1
2f6ba55cda21d11eee5297714982f54747aa81f5

SHA256
4e64f09356a371659b2b1a6036bf5d883a31ccc14501e0ab650e296ed88318e5

SHA512
6bf3cb63b84ec35a84054d4a0fb597266add32b8c4674f9670efa743da9de118d1147fed6e978b08b03d455c78d1366a550b8c46081a808305e6ff2e0601f38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
2bb5f1d883f90f160f4e1a2674e5a40e

SHA1
769422c3bb64e75c1d7368dadb8c3fd372faeb8c

SHA256
09febf74cef20f94c9d3582b201efcc5b002b493fb9fb1ea1e6806499f8df3c6

SHA512
469bd8f2778a014ac10c54efacbeeb65b2a95bc6306900b5cb15d792554e17ef0c6192a7bb99f81fe9454371b7ede8b42f123e15221a66aa72c3db2580e31cb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
e4bd9b16b5b7cff5ef33e199bc5b9145

SHA1
a863e8a2f9fcdc13dc3052dac1431e4cb1080da9

SHA256
0edfcac807c0fb829b267c15babbd0544cec44d9571e27a3f0217660e36edb9c

SHA512
d5887ccf21a37d76ee342d4972a88a40e795175f9142aa777341ac2b1a9b8e8ef88499ba0a04da9e74d759936cda274191f7559eb85db0d094163bbd27b9d477

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
f2f195ca9d2a1777f0e67bfc8a314383

SHA1
5e9b5214ed68acfed31d0736c44918e07a0c88c8

SHA256
fdcdc41fceb1c4e618ee722a371cef0230a8bdfc8e222848d2f8d59581060a1f

SHA512
0e107106a03ca8e011f7f275c4bdbddaf939d981d0862d3c6d9fd7c9d6e0e19eec965cd3af3c379d948d854b61628974691f2ffd19b2a4abc6a1963984163b0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
6a6908ce26f494c2ca0b642166b39b4e

SHA1
fa7fffcf779bbcf054c93e158aa5e8aff822a150

SHA256
ce9353137f461cfdf27e8edcbb843ac2fee7d7464e313cbd73f0dcfe5e58d9d6

SHA512
4bc5a29b378b54a68031da80885f88d0602a1c384d8d35eca816952999029a61d3407e6dfa266625a62cd5a440ab44a9ad8f3f382c28f8de74854913007393d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133560694746948000jre_packed.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/2412-42-0x0000000003EA0000-0x0000000003F3E000-memory.dmp

Filesize
632KB

Download
memory/2412-135-0x0000000000B90000-0x0000000000C2E000-memory.dmp

Filesize
632KB

Download
memory/2412-179-0x0000000003EA0000-0x0000000003F3E000-memory.dmp

Filesize
632KB

Download
memory/2412-0-0x0000000000B90000-0x0000000000C2E000-memory.dmp

Filesize
632KB

Download
memory/2512-136-0x0000000000B90000-0x0000000000C2E000-memory.dmp

Filesize
632KB

Download
memory/2512-43-0x0000000000B90000-0x0000000000C2E000-memory.dmp

Filesize
632KB

Download